Nine Million EasyJet Customers Hacked

British budget airline EasyJet has said that nine million customer data, email addresses and travel details have been stolen and that 2,208 customers also had their credit card details hacked.

EasyJet say they first became aware of the attack in January. Stolen credit card data included the three digital security code, known as the CVV number, on the back of the card itself. It admitted that it has only gone public now in order to warn the nine million customers whose email addresses had been stolen to be wary of phishing attacks, saying that it will notify everyone affected by 26 May.

The airline did not provide details about the nature of the attack or the motives, but said its investigation suggested hackers were targeting "company intellectual property" rather than information that could be used in identity theft. 

"There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the ICO, we are communicating with the approximately nine million customers whose travel details were accessed to advise them of protective steps to minimise any risk of potential phishing.....We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays," the company said.

Phishing 
Phishing attempts, which see criminals sending emails with links to fake web pages that steal personal data, have risen exponentially during the coronavirus crisis. Google blocks over 100 million phishing emails daily to Gmail users.
Under GDPR (General Data Protection Regulation), if EasyJet is found to have mishandled customer data, it could face fines of up to 4% of its annual worldwide turnover.

Generally, personal details can be used by fraudsters to access bank accounts, open accounts and take out loans in the innocent victims' names, make fraudulent purchases, or sell on to other criminals. The risks to those whose card details have been compromised are clear. Their provider should already have stopped the card, a new one will be issued, and they will need to sort out any regular payments coming from that card.

Following a similar data breach at British Airways in 2018, some found this a frustrating and time-consuming task.
Millions of people whose email addresses and travel details have been accessed will need to change passwords, and be wary of any unexpected transactions.

Everyone else, particularly EasyJet customers whose details have not been affected, must be alert to other unsolicited emails and messages. 

Fraudsters will likely try to impersonate as EasyJet, banks, or the authorities and claim to be dealing with this latest breach to defraud customers. They are simply trying to steal personal details themselves. Keep a close eye on credit card bills for anything untoward. You should change any passwords on affected accounts – and also any others if you used the same password elsewhere.

If you get a call from your bank or card company saying it has noticed fraudulent transactions, be on your guard. End the call and then phone the bank or card company back to check it was legitimate. Also, don’t hand over any passcodes or passwords to anyone, whoever they claim to be.

VOA News:   BBC:       Guardian:     Metro

You Might Also Read: 

The BA Hack And How Not To Respond To A Cyber Attack:

Air Travel Needs Stronger Cyber Security:

 

 

 

 

« EU Parliament Suffers A Major Attack
Employees Lack Cyber Protection In Lockdown »

Directory of Suppliers

#GDPR2 Conference

#GDPR2 Conference

#GDPR2 : Free Access. The Virtual European Data Protection Conference 28 May 2020. The Economic Forum for Best Practices in Data Protection in the Heart of Europe.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

KPMG

KPMG

KPMG s a leading provider of professional services including information technology and cyber security consulting.

Fidelis Cybersecurity

Fidelis Cybersecurity

Fidelis Cybersecurity is a cybersecurity company focused on prevention of advanced threats and data breaches.

ZM CIRT

ZM CIRT

ZM CIRT is the national Computer Incident Response Team for Zambia.

TechDefence Labs

TechDefence Labs

TechDefence Labs provide pentesting and security assessment services for networks, web apps, mobile apps and source code reviews.

Cloudmark

Cloudmark

Cloudmark is a trusted leader in intelligent threat protection against known and future attacks, safeguarding 12 percent of the world’s inboxes from wide-scale and targeted email threats.

Skurio

Skurio

Skurio create cost-effective, intuitive and powerful Cloud based solutions to identify threats, detect data breaches outside the network and automate the response.

Secure Chorus

Secure Chorus

Secure Chorus is a not-for-profit membership organisation for the development of strategies, common technology standards and tangible capabilities in the field of information security.

Pluribus One

Pluribus One

Pluribus One develops customized solutions and other data-driven applications to secure your business and your devices.

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department's national strategies in combating computer and intellectual property crimes worldwide.